That works out to roughly $22.6 million lost every minute, every day, across governments, businesses and individuals. The cost of defending against those attacks is growing almost as fast. 

Global spending on cybersecurity is expected to approach $345 billion in 2026, and forecasts reveal total annual spending could reach $1 trillion by the early 2030s.

The average cost of a data breach in 2025 stood at $4.44 million globally, climbing to $10.22 million in the United States. Ransomware featured in around 44% of recorded breaches, even as fewer victims chose to pay. 

Cyber attacks increase continually year on year, driven by automation, better targeting and the simple fact that digital systems now underpin almost everything.

The attack surface is expanding faster than most organisations can secure it. 

What follows are the biggest cybersecurity threats businesses will face in 2026, based on patterns already visible today.

1. AI-Powered and Highly Targeted Cyber Attacks

Cyber attacks are becoming cheaper to launch and easier to scale. Criminal groups no longer need great technical skill to produce convincing phishing messages, fake voice calls or tailored malware. Attack campaigns are now personalised, fast and relentless.

Attackers are now using generative Al to create convincing phishing emails, deepfake audio/video, and automated malware. 

We are seeing more cases where attackers imitate senior executives, suppliers or regulators with unsettling accuracy. Finance teams, procurement units and public officials are frequent targets. 

The danger is not just deception, but speed. When a message looks real and arrives at the right moment, people act before they question it.

One of the cybersecurity threats in 2026 is volume combined with precision. These attacks do not rely on one success. They rely on thousands of attempts until one slips through.

2. Supply Chain and Third-Party Exposure

Major breaches over the past few years have shown a trend where attackers avoid heavily protected organisations and go after their suppliers instead. Software vendors, cloud platforms, managed service providers and open-source projects are all attractive targets.

One compromised update or exposed interface can grant access to hundreds or thousands of downstream organisations. In 2026, this risk grows as companies rely even more on external software, shared services and automated integrations.

Trust has become a vulnerability. Many organisations still assume that partners are secure simply because they are established or well known. Attackers know better.

3. Ransomware Without Limits

Ransomware has changed. Encryption alone is no longer the main weapon. Today’s attacks focus on data theft, public exposure and operational disruption. Systems may be damaged even if no ransom is paid.

In healthcare, finance and government, attackers now aim to interrupt services rather than lock files. Stolen data is used as leverage, sometimes months after the initial breach. Payment rates have fallen to roughly a quarter of victims, but disruption costs continually increase.

By 2026, ransomware will not be about files but about leverage. The damage is reputational, legal and operational.

4. Cloud Misconfiguration and Identity Abuse

The cloud has simplified technology and complicated security. Most breaches no longer begin with malware. They begin with stolen credentials, excessive access rights or exposed services.

Storage systems left open to the internet, poorly protected interfaces and unmanaged applications are common. Once attackers gain a foothold, they move silently using legitimate accounts, usually undetected for weeks.

The risk in 2026 is not cloud adoption itself, but poor management over who can access what. Identity has become the new perimeter, and many organisations are still treating it as an afterthought.

5. Insider Threats and Strategic Data Leaks

Not all threats come from outside. Employees, contractors and partners can also cause serious breaches, sometimes through carelessness, sometimes deliberately.

With data becoming more valuable, internal access becomes more dangerous. Sensitive customer records, proprietary software, internal research and training data are now high-value assets. In some cases, they are stolen not for immediate profit, but for long-term advantage.

In 2026, insider risk is harder to spot because work is more distributed and access is wider. Trust is necessary, but unchecked trust is risky.

6. Connected Devices and Smart Infrastructure

From factories to hospitals to city streets, connected devices are everywhere. Many of them were designed for function, not security. Weak passwords, outdated software and limited monitoring are common.

Smart grids, traffic systems, medical equipment and industrial controls are now part of the digital ecosystem. A single exposed device can become an entry point into much larger systems.

Disruption to these environments can affect safety, not just data. With smart infrastructure expanding, so does its appeal to attackers.

7. Attacks on Energy and Critical Infrastructure

Energy systems, data centres and communication networks are indispensable to economic stability. They are also highly targeted.

Power grids, fuel distribution, water systems and large-scale computing facilities represent high-impact targets. Attacks do not need to cause physical damage to be effective. Temporary disruption can be enough to cause financial loss, public concern or political issues.

By 2026, these systems will get higher attention from both criminal and state-linked actors. Defence in this area is beyond a technical issue. It is a national one.

8. Geopolitical Cyber Conflict

Cyber operations have become a standard tool in global disputes. Election interference, sabotage, data theft and disinformation campaigns are now routine features of geopolitical tension.

The line between crime and conflict is usually blurred. Some attacks are tolerated, others encouraged, knowingly or unknowingly. Attribution is difficult, and response options are limited.

In 2026, organisations operating across borders will face more exposure, whether they are directly targeted or caught in the middle.

9. Long-Term Encryption Risk

While advanced computing threats are not yet mainstream, attackers are already preparing for them. Sensitive data is being stolen and stored with the expectation that future advances will make today’s encryption easier to break.

This is not a problem for tomorrow. It is a problem created today. Intellectual property, state secrets and personal records stolen now may remain valuable for decades.

Organisations handling long-life data need to consider this risk now, not after standards change.

10. Regulation, Liability and Cost of Failure

Cybersecurity has moved into the legal and regulatory arena. Data protection laws, infrastructure regulations and sector-specific standards are getting more attention.

A breach is no longer just an incident but a compliance issue, a legal risk and a reputational crisis. Fines, lawsuits and operational restrictions are becoming more common.

In 2026, the cost of getting security wrong will extend well beyond technical recovery.

What This Means for 2026

The case is not that technology is failing but that complexity is winning. Systems are growing faster than proper management, and attackers are exploiting the gaps.

Security in 2026 will not depend on buying new tools, we need to know what systems exist, who can access them, and how quickly incidents can be contained.

The organisations that cope best will not be those with the biggest budgets, but those that understand their risks solidly and act early. Cyber threats are not an abstract danger but a constant cost of doing business, and in some cases, of keeping the lights on.

Introduction: A Budget at the Crossroads of History

With projected revenues of ₦34.33 trillion and a capital expenditure of ₦26.08 trillion, the budget is framed as a programme of renewal, prudence, and growth. Yet beyond the numbers lies a deeper question: how will this budget shape Nigeria’s destiny in the Digital Age?

As the First African Professor of Cybersecurity and Information Technology Management, and as one committed to the ethical, spiritual, and developmental transformation of our nation, I believe this budget must be interpreted not only through economic lenses but through the imperatives of digital civilisation. Nigeria is no longer merely a nation of natural resources; we are a nation of human capital, digital potential, and untapped innovation.

2026 in Global Perspective: A Year of Digital Acceleration

A projective outlook into 2026 reveals a world accelerating toward deeper technological integration. Artificial intelligence will continue to reshape industries, digital currencies will influence global finance, cybersecurity threats will grow in sophistication, and nations will increasingly compete based on the strength of their digital infrastructure and innovation capacity.

For Nigeria, 2026 is not simply another fiscal year; it is a pivotal moment to position ourselves as a continental leader in digital transformation.

The global economy is shifting toward knowledge, data, and automation. Countries that fail to adapt risk being left behind. This budget, if implemented with foresight, can help Nigeria transition from a resource‑dependent economy to a digitally empowered, innovation‑driven society.

A Realistic Budget That Must Be Matched With Digital Vision

The government’s conservative assumptions, crude oil at $64.85 per barrel, production at 1.84 million barrels per day, and an exchange rate of ₦1,400 to the dollar, reflect a pragmatic approach to fiscal planning. Yet realism must not become a ceiling on ambition.

In the Digital Age, nations do not rise by natural resources alone. They rise by the strength of their digital infrastructure, the resilience of their cybersecurity systems, the quality of their digital literacy, the vibrancy of their innovation ecosystems, and the efficiency of their technology‑driven governance.

The 2026 budget must therefore be seen as a Launchpad for Nigeria’s digital transformation, not merely a stabilisation tool.

Security: Beyond Physical Protection to Digital Sovereignty

Security receives the highest allocation at ₦5.41 trillion. This is appropriate, but Nigeria must now understand that security is no longer only territorial; it is digital.

Cybercrime, digital fraud, critical infrastructure attacks, and misinformation campaigns threaten national stability as much as physical insecurity. As a cybersecurity scholar and practitioner, I emphasise that Nigeria must invest in a national cyber defence architecture that protects our digital borders as firmly as our physical ones.

Security agencies must be equipped with AI‑driven intelligence systems. Digital forensics laboratories must be upgraded nationwide. Cybersecurity training must be embedded into all security institutions. A nation that is digitally vulnerable cannot be economically strong.

Infrastructure: Building the Digital Rails of the Future

Infrastructure, with an allocation of ₦3.56 trillion, must be understood in modern and forward‑looking terms. Infrastructure is no longer confined to roads and bridges; it now encompasses broadband penetration, data centres, cloud infrastructure, digital identity systems, smart transportation networks, and resilient power systems that can sustain a competitive digital economy.

This allocation must therefore be decisively channelled into building the digital rails of the future.

Expanding fibre‑optic networks to rural communities, supporting local technology manufacturing, enabling smart city development, strengthening the national digital identity ecosystem, and powering the emerging digital economy are not optional ambitions but urgent national imperatives.

Nigeria cannot industrialise without digitising, and the nation must embrace this truth with clarity, courage, and unwavering commitment.

Education: The Heart of Digital Empowerment

Education, with ₦3.52 trillion, remains the heart of national transformation. But the real question is: what kind of education are we funding?

Nigeria must shift from certificate‑driven schooling to skills‑driven learning, especially in cybersecurity, artificial intelligence, robotics, cloud computing, digital ethics, software engineering, and data science.

As someone who has spent decades shaping digital‑age pedagogy, I affirm that Nigeria must modernise curricula, equip teachers with digital competencies, build innovation labs in schools, and partner with global technology institutions. A digitally skilled population is the greatest asset of any modern nation.

Health: A Digital Pathway to National Well‑Being

The health sector’s allocation of ₦2.48 trillion must be used to build a technology‑enabled health ecosystem. Telemedicine, digital health records, AI‑assisted diagnostics, and health data analytics are no longer luxuries; they are necessities.

Nigeria must invest in digital health infrastructure, cybersecurity for health data, AI‑driven disease surveillance, and training health workers in digital tools. A healthy nation is a productive nation, and in the Digital Age, health is inseparable from technology.

Fiscal Sustainability: Accountability Through Digital Governance

The projected deficit of ₦23.85 trillion, representing 4.28% of GDP, underscores the urgent need for disciplined fiscal management. Yet discipline, on its own, is insufficient without a firm commitment to digital accountability that ensures transparency at every level of governance.

Nigeria must embrace blockchain‑based public finance tracking, open‑budget dashboards, AI‑powered fraud detection, and fully digitised procurement systems that eliminate opacity and close the loopholes through which public resources often disappear.

Every naira must be traceable, every project measurable, and every expenditure accountable in real time, not merely on paper.

Digital governance is the antidote to corruption, and Nigeria must adopt it with unwavering resolve if national development is to be protected from waste, mismanagement, and systemic inefficiency.

Citizenship in the Digital Age: A New National Mindset

Beyond government action, Nigerians themselves must embrace a new mindset, one that values innovation over imitation, skills over shortcuts, integrity over opportunism, collaboration over division, and digital literacy over digital dependency.

As a national evangelist, educator, and advocate for ethical digital transformation, I believe Nigeria’s renewal begins with the renewal of the Nigerian mind. The Digital Age demands a new kind of citizenship, one that is informed, responsible, and visionary.

A Call to National Unity and Digital Purpose

The 2026 Appropriation Bill is not perfect, no budget ever is. But it is a framework upon which Nigeria can build a future that is secure, prosperous, digitally advanced, and globally competitive.

We must therefore approach this fiscal year with unity of purpose, clarity of vision, and commitment to national transformation. Nigeria’s greatness will not emerge by accident. It will emerge by design—a digital design, a moral design, and a collective design.

Conclusion: Nigeria Must Answer the Call of the Future

The future is unmistakably digital, and Nigeria cannot afford to stand on the margins of global transformation. The 2026 Appropriation Bill offers a pivotal opportunity to align our national priorities with the demands of the Digital Age.

If implemented with integrity, innovation, and inclusiveness, it can spark a new era of renewal that strengthens institutions and empowers citizens. As leaders, we must embrace digital wisdom; as citizens, we must uphold digital responsibility; and as a people, we must believe in Nigeria’s capacity to lead with excellence and resilience.

The future is calling with urgency. Nigeria must answer with boldness, wisdom, and an unwavering commitment to digital progress.

The data places Nigeria at the centre of a continental problem. While Africa’s digital economy is expanding speedily, security readiness is struggling to keep pace. 

Across the continent, organisations recorded an average of 3,153 cyberattacks per week, compared with 1,963 globally, putting Africa among the most targeted regions in the world.

In Nigeria, the financial sector is the main target. Banks, payment platforms, and fintech firms continue to face heavy pressure from phishing, business email compromise, and credential theft. 

Telecoms, energy, and healthcare operators are also seeing growing exposure as cloud services, mobile platforms, and connected devices are rolled out faster than security controls can mature.

The unique part is not just volume, but method. Across Africa, 77% of organisations were affected by information disclosure incidents, meaning sensitive data was exposed through misconfigurations, weak access controls, or unsecured systems. 

Email is the most effective entry point, responsible for 80% of malicious file delivery, showing that basic weaknesses are still being exploited at scale.

Ransomware has also changed shape. The report shows that 41% of major incidents in Africa now involve data-leak extortion, where attackers steal information and threaten public exposure rather than relying solely on system encryption. 

This approach increases reputational damage and regulatory risk, even when core operations remain running.

In Nigeria, identity theft, stolen session tokens, and API abuse are now more common than traditional malware attacks. In simple terms, attackers are logging in using valid credentials instead of forcing their way through defences.

Beyond Nigeria, several African countries are facing high pressure when it comes to cyberattacks. Kenya recorded 3,758 attacks per organisation each week, while South Africa, Morocco, and other markets continue to see heavy targeting of government services, education systems, and telecom infrastructure.

The operational cost of these attacks is rising. African organisations take an average of 18 days to detect and contain a breach, six days longer than the global average. The report links this delay to skills shortages, fragmented tools, and limited incident response capacity across many sectors.

High-profile incidents in 2025 underline the risk. Data exposure at Seychelles Commercial Bank, service disruption at South African Airways, and unauthorised access to customer data at MTN South Africa all followed a similar pattern: customer-facing systems were targeted, investigations were triggered, and trust became the real casualty.

Regulation is now increasing the pressure. With Europe enforcing stricter cybersecurity regulations under the NIS2 directive, African companies that trade with EU partners are expected to prove strong cyber controls as a condition for market access. Security, the report notes, has become a commercial requirement, not a back-office concern.

From Nigeria to the rest of the continent, Africa’s digital growth is speeding up, but attackers are moving just as fast. 

Cybersecurity in Africa has gone beyond preparing for future risks. The threat is already here, and for countries like Nigeria, the cost of inaction is becoming impossible to ignore.

The Crown Prosecution Service (CPS) confirmed that 42 Bitcoin and other digital assets tied to Joseph James O’Connor will now be recovered under a Civil Recovery Order.

O’Connor, 26, had admitted to gaining access to dozens of high-profile Twitter accounts in July 2020, using them to push fake Bitcoin investment messages that deceived victims across multiple countries. 

The attack struck 130 accounts, including those of Barack Obama, Joe Biden, Elon Musk, Bill Gates, Apple and Uber. With internal tools compromised, he bypassed security checks and password protections, turning some of the world’s most visible accounts into vehicles for fraud.

The CPS said the recovered assets show the current market value of the cryptocurrency O’Connor obtained through these schemes. British authorities worked with counterparts in the United States and Spain, where the Twitter hacker was arrested in 2021, to ensure the funds could not be hidden or moved before the order took effect.

Adrian Foster, chief crown prosecutor for the CPS Proceeds of Crime Division, said the case shows that British enforcement can still reach offenders convicted abroad. “Joseph James O’Connor targeted well-known individuals and used their accounts to scam people out of their crypto assets and money,” he said. 

“We were able to use the full force of our powers to ensure that even when someone is not convicted in the UK, we can still prevent them from benefiting from their criminality.”

O’Connor, widely known online as “PlugwalkJoe”, was later sentenced to five years in a U.S. court after pleading guilty to computer intrusion, wire fraud, extortion and charges linked to SIM-swapping attacks that stole cryptocurrency and personal data from additional victims.

The July 2020 breach exposed serious vulnerabilities in Twitter’s internal systems. Investigators found that unauthorised access to admin tools allowed hackers to reset passwords and override two-factor authentication. 

The fallout pushed Twitter, now X, to overhaul its internal security, tighten staff privileges, introduce multi-layered authentication for internal systems and expand training to minimise insider risks. 

The incident also led to discussions on the fragility of social-media infrastructure and the dangers of centralised access systems.

The order against O’Connor ranks among the largest crypto seizures tied to cybercrime in UK legal history. For British prosecutors, it stresses the current use of civil recovery powers to block criminals from profiting even when their convictions occur overseas.

International agencies involved in the case said the outcome reveals the scale of coordination now required to pursue cross-border cybercrime, especially offences involving cryptocurrency, fast-moving digital markets and globally used platforms.

The company’s Digital Crimes Unit (DCU), armed with a U.S. court order, seized 338 domains that cybercriminals used to impersonate Microsoft and trick unsuspecting users into entering their credentials. 

The operation, led by Nigeria-based developer Joshua Ogundipe, relied on Telegram to sell phishing kits to more than 850 subscribers.

According to Microsoft, the service has been used to steal at least 5,000 login details across 94 countries since it launched in July 2024. The group reportedly earned over $100,000 in cryptocurrency payments from customers who used its kits to run phishing campaigns.

Steven Masada, assistant general counsel at Microsoft’s DCU, warned about the simplicity, and the danger, of such services. “Cybercriminals don’t need to be sophisticated to cause widespread harm. Simple tools like Raccoon0365 make cybercrime accessible to virtually anyone, putting millions of users at risk.”

Investigators said Raccoon0365 targeted a wide range of industries, including financial institutions and healthcare providers. One campaign, themed around U.S. tax filings, attempted to compromise more than 2,300 organisations in just two weeks earlier this year. 

Microsoft’s partner in the lawsuit, the Health Information Sharing & Analysis Centre (Health-ISAC), confirmed that at least five healthcare organisations had already fallen victim.

Errol Weiss, chief security officer at Health-ISAC, explained that: “So many of the attacks start because somebody gave up their user name and password to a bad guy. Once that cybercriminal has access to the network, then it’s just up to the imagination in terms of what comes next and how they monetise it.”

Cloudflare, which had unknowingly hosted some of the operators’ infrastructure, worked with Microsoft and the U.S. Secret Service to shut down the phishing network. 

The internet security company said the attackers were skilled but left operational security lapses that exposed their identities. Blake Darché, Cloudflare’s head of threat intelligence, stated: “They’re in people’s accounts, they compromise lots of people, and it needs to obviously be stopped.”

Court filings show that Ogundipe and his associates played specific roles including coding the phishing tools, managing subscriptions, and offering customer support to fellow cybercriminals. 

Investigators were able to tie him to the network after he mistakenly exposed a cryptocurrency wallet connected to the scheme. A criminal referral has been sent to international law enforcement.

The case highlights a disturbing evolution of phishing-as-a-service. Raccoon0365 recently introduced AI-MailCheck, an artificial intelligence feature designed to scale phishing operations further. Security researchers warn that this could make phishing attempts harder to detect and more damaging.

Check Point Research has noted that Microsoft is the most imitated brand in phishing attacks globally, accounting for 25% of attempts between April and June 2025; the rapid spread of networks like Raccoon0365 is a huge factor in this surge.

For Microsoft, the seizure is only one step. The company said more enforcement actions are expected as it works with global partners to dismantle the wider criminal ecosystem feeding off its brand identity.

The decision follows cases within government circles over what they describe as a “pattern of negligence” by social media firms in responding to police requests. Communications Minister Fahmi Fadzil criticised TikTok’s response times.

“TikTok was very slow in providing information… to the point that I had to call TikTok CEO Shou Zi Chew to inform him, ‘this is a crime that’s being committed and your organisation is very slow’,” Fahmi said, warning that such behaviour would not be tolerated.

The trigger for this confrontation was a viral TikTok video in which a man falsely claimed to be a pathologist working on the investigation into the death of Zara Qairina Mahathir, a case that has attracted public attention. Authorities say TikTok’s delay in handling the matter forced the minister to personally intervene.

Top executives of TikTok are expected to appear at Malaysia’s federal police headquarters, Bukit Aman, on Thursday. The Inspector-General of Police and the Attorney-General will also attend the meeting.

Meta has not been spared as the company, which owns Facebook, Instagram, and WhatsApp, is being summoned over disturbing materials linked to paedophilia that spread across its platforms, including content uncovered during a cybercrime operation known as Operation Pedo. 

Authorities have specifically flagged an online group called Geng Budak Sekolah, which circulated indecent content targeting children.

The Malaysian government has classified several categories of online activity as harmful. These include gambling, scams, child pornography and grooming, cyberbullying, and content linked to race, religion, and royalty. Officials argue that these categories pose both social and national security risks.

Fahmi has insisted that every platform must comply with local laws and respond quickly to enforcement requests. “We see these platforms are not taking the matter seriously, so the dialogue process will continue, and we will stress that Malaysian law applies to them and they must comply. We will summon every platform,” he said.

At the Al Grand Prix Conference 2025, Fahmi also disclosed that Malaysia is considering mandatory identity verification for all online sales and advertising. The proposal is intended to limit fake accounts, deepfakes, and fraud. Singapore already enforces a similar policy, and Malaysia is positioning itself to follow that model.

The issue aligns with international trends where Governments from India to Indonesia, and even within the European Union, are tightening regulations on global tech giants, imposing fines, and in some cases threatening outright bans for non-compliance.

Neither TikTok nor Meta has issued an immediate public response to Malaysia’s latest move.

The company disclosed these findings in its August 2025 Threat Intelligence Report, raising fresh alarms over the fast-growing misuse of artificial intelligence in cybercrime.

According to the report, attackers attempted to manipulate Claude into: drafting phishing emails with psychological precision, generating and debugging malicious code, bypassing filters through repeated prompts, producing persuasive propaganda posts at scale, and even guiding inexperienced hackers with step-by-step instructions. 

In one case, Claude Code was used in a campaign that targeted 17 organisations, from healthcare providers to government agencies, with ransom demands reaching $500,000.

Anthropic confirmed that its security defences intercepted the activity. Compromised accounts were banned, high-risk prompts blocked, and restrictions placed on access to financial, adult, and pirated content. 

The company also introduced mandatory confirmation for risky actions such as publishing or sharing sensitive personal data. These measures, it said, cut the success rate of prompt injections from 23.6% to 11.2%, a notable improvement in system resilience.

The company explained: “We will continue publishing reports whenever we detect major threats. Our goal is to help the wider community understand how these systems may be exploited and how to stop them.”

Earlier this year, Microsoft’s Azure OpenAI service was breached, allowing hackers to generate harmful content by sidestepping safeguards. OpenAI, in June, launched a dedicated initiative to combat malicious use of AI in covert operations and cyber espionage. 

Google’s Gemini has also faced issues for what was described as inadequate transparency in its safety measures.

Governments are now stepping in. The European Union’s Artificial Intelligence Act began enforcement on 2 August 2025. It introduces strict risk management rules for general-purpose AI, cybersecurity-by-design requirements for high-risk systems, and penalties of up to €35 million or 7% of global turnover. 

In the United States, the White House has secured voluntary commitments from major AI developers, but critics argue that only binding regulation will close the gap between safeguards and threats.

With AI models becoming more powerful, the line between innovation and exploitation will only grow sharper.

Interpol recently revealed that cybercrime, specifically ransomware incidents, cost the South African economy up to 1% of the country’s GDP, while the Council for Scientific and Industrial Research estimated the loss at R2.2-billion a year.

At the end of last year it was revealed that South Africa was hit by 2679 reported cyber attacks in the past two years, but that only 83 were passed to the National Prosecuting Authority (NPA) because of capacity constraints, with a shortage of more than 150 cybercrime detectives.

This paints a grim picture for South African businesses who clearly need to do all they can to protect themselves.

However, cybercrime is not treated urgently enough by many businesses in this country. Here’s a look at the state of the nation regarding cybercrime and how businesses could improve their prospects of remaining protected:

Lack of awareness and proactive measures

Despite alarming headlines about the cost of cybercrime, or high-profile ransomware cases that make the news, there’s just not enough awareness about how serious the problem is, or just how close to home it is.

Many South African businesses are more focused on day-to-day operations, or even survival, rather than investing in proactive cybersecurity measures.

This is because many businesses operate under the illusion that they are safe. They have a false sense of security that emanates from relying on basic digital hygiene such as passwords and biometric recognition to access their devices.

There is most definitely a need for more businesses to understand the extent to which their data and activities are being accessed, exploited and shared, even through seemingly innocuous actions like connecting to public Wi-Fi networks.

The facts are clear and unambiguous. In a global environment where cybercrime is surging, and where South Africa is an open playing field for criminals, there absolutely needs to be an investment in proactive and agile cybersecurity measures.

Artificial intelligence (AI)’s impact on cybersecurity

Cybercriminals aren’t just people who wake up one morning and decide to take a chance to find a quick win. There are highly organised cartels of criminals who use increasingly sophisticated means to achieve their goals.

Cybercriminals are increasingly leveraging generative AI to create highly sophisticated phishing attacks. They are using AI to exploit vulnerabilities in South African businesses.

AI is making it easier for attackers to target business insiders to gain access to systems – giving them the ability to get right through basic security measures like passwords or facial recognition. It is a huge threat, and compared to their counterparts in other markets and regions of the world, local businesses often lack the necessary cybersecurity awareness and infrastructure to detect and respond – in time – to AI-powered attacks. AI can, and should, be leveraged as a defence against these sophisticated attacks.

Cybercriminals are exploiting South African vulnerabilities

By way of example, a local business that was hosting its customer systems on a local internet service provider suffered a major performance degradation as a result of cyber attacks.

What the business didn’t anticipate, when hosting with the ISP, was the relentless hacker bot attacks on the ISPs infrastructure, which then severely impacted the business’s own operations.

This shows that criminals are specifically choosing to target South African businesses and their supporting infrastructure.

South Africa’s banking and financial services industry is highly competitive and innovative, and ironically, this has put a target on the backs of businesses in these sectors. Innovation is prime real estate for cybercriminals who seek to exploit the latest technologies and data-driven business models.

The attack that’s detected too late

Cybercriminals are professionals at what they do. If they always kicked down the front door and made a noisy entrance they’d be easier to detect.

A growing trend is where the initial attack occurs a long time, sometimes months, before the actual ransomware event.

This makes it extremely difficult for businesses to recover their data – even with robust backup systems. The wake-up call for local businesses is that these sophisticated, long-term attacks are particularly prevalent in the South African context where many businesses just don’t have the necessary security infrastructure to detect and respond to attacks in a timely manner. Criminals know this, so they play the waiting game.

The need for more education and awareness

The first big education job needs to happen at an executive level. South African business decision-makers need to become acutely aware of the state of the cybersecurity landscape, and just how vulnerable their businesses really are. This is critical to avoid businesses carrying on as usual under the illusion of security.

South African employees, too, have shown themselves to be easily tricked into providing sensitive information or granting access to systems, even in the face of basic security measures.

Factor generative AI that can make attacks seem more believable than ever before, and the problem is compounded. Yet, organisations tend to rely on the trustworthiness of their employees and the perceived safety of their devices.

South Africa plays in the same digital arena as the rest of the world, but South African businesses are not exposed to the same level of awareness and education as in other regions.

Attacks that could be thwarted easily in other markets, are often successful on these shores. This makes us an attractive target.

The need for a holistic cybersecurity strategy

One would never find a physical business with valuable and sought-after stock in South Africa protected only by burglar bars, an alarm system and solid security gate. The same should be true for cybersecurity. It needs to cover all the bases.

Businesses need a platform with comprehensive security solutions, 24/7 support, and rapid detection and response capabilities.

Furthermore, the best cybersecurity solutions are brand agnostic, meaning they can integrate with a wide range of existing security infrastructure and devices.

Not being tied to particular vendors offers businesses the freedom to develop more comprehensive strategies.

Lastly, businesses would do well to seek out platforms and partners that provide advisory services and tailored solutions that address their specific vulnerabilities.

A holistic cybersecurity strategy is non-negotiable in an environment where criminals hide deep in a world we can’t see, yet they need to be detected and stopped in time.

In collaboration with organisations such as the National Center for Missing and Exploited Children (NCMEC) and Thorn, the platform seeks to provide both teens and their parents with tools to recognise and avoid these scams. 

To raise awareness, Instagram is partnering with popular creators to engage teens and educate them about sextortion. 

This campaign will be accompanied by an educational video that outlines common tactics used by scammers, such as pressuring individuals to share images or attempting to shift conversations to other platforms. 

The initiative also reassures teens that falling victim to sextortion is not their fault and provides resources for seeking help.

Again, Instagram has rolled out several new safety features to disrupt potential sextortion activities. One of the most outstanding changes is the restriction on taking screenshots of images or videos sent via direct messages, particularly content set to “view once” or “allow replay.” 

This update is designed to ensure that sensitive material shared on the platform remains secure and unrecorded. The platform will also prevent users who exhibit suspicious behaviour from viewing others’ follower lists, preventing them from using such information to manipulate or intimidate their targets.

For additional protection, Instagram is globally launching its nudity protection feature, which blurs images flagged as inappropriate before they can be viewed in direct messages. 

This feature, enabled by default for users under 18, aims to protect teenagers from receiving unsolicited explicit content. The social network has also partnered with mental health services such as Crisis Text Line in the US to offer real-time support for users who report issues like sextortion or child exploitation.

Instagram’s focus on curbing sextortion is not limited to user education and in-app safety features. The platform is also standing against organised sextortion rings, removing thousands of accounts linked to groups involved in these criminal activities. 

This sophisticated malware is designed to steal banking credentials and financial information from unsuspecting users. 

Disguised as legitimate PDF and QR code readers, the trojan employs advanced techniques to bypass security measures and display fake login screens. 

So far, over 70,000 devices have been infected through various apps on the Google Play Store.

According to ngCERT, the Anatsa banking trojan leverages Android’s accessibility services to gain full control over infected devices, allowing attackers to carry out fraudulent transactions. 

“The trojan is delivered through malicious apps that appear to be legitimate PDF and QR code readers or cleaner apps,” noted ngCERT. 

“These apps initially behave normally until they secretly download, decrypt, and execute the trojan’s payload, which bypasses the restricted settings for accessibility services, mostly in Android 13.”

The trojan then establishes a connection with its command and control (C2) server and waits for instructions from the attacker, ngCERT added.

“The trojan is capable of stealing the user’s banking credentials, credit card details, and payment information by overlaying fake login screens on top of legitimate banking apps and by recording keystrokes.”

The trojan can “prevent the user from interacting with certain apps that are defined by the attacker and can download, upload, delete, install, and find files on the device.”

Upon successful installation, the Anatsa trojan allows attackers to remotely interact with the device, launch phishing attacks to steal sensitive financial information, block access to legitimate applications such as security apps or system settings, and manipulate files on the device.

To prevent or mitigate the infection, ngCERT recommends that Android users exercise caution when downloading apps. Users should “avoid installing apps from unknown or untrusted sources and check the reviews and ratings of the apps before downloading them from the Google Play Store.” 

It is also advisable to “avoid calling numbers provided in unsolicited messages or emails and be wary of apps that ask for unnecessary or excessive permissions, such as accessibility services or installation of unknown apps.”

If an app suspected to contain the Anatsa trojan is found, it should be uninstalled immediately, and the device should be scanned with a reputable antivirus app. 

Users should also “change the banking passwords and monitor the account activity for any suspicious transactions and report them to the respective banks.”

Using and keeping antivirus software updated to detect and remove malware, as well as ensuring that the Android device and apps are updated to the latest versions, are key in protecting against this threat.